Post-Quantum Secure

Your metadata
vanishes here

Ø Protocol is a mixnet that erases who you talk to, when, and how often — not just what you say. Choose your anonymity layer. Zero logs. Zero compromise.

Download Ø Learn how it works
Why Ø-Protocol

VPNs hide content.
We erase metadata.

Your ISP, government, and attackers can see connection patterns, timing, and volume — even through encryption. That metadata identifies you. We fix that.

🔀

Mixnet architecture

Packets from many users are collected, shuffled, delayed randomly, then forwarded in batches. Observers can't correlate entry and exit timing.

🛡️

Post-quantum crypto

X25519 + ML-KEM-768 hybrid handshake. Even if elliptic curves break tomorrow, your sessions stay secure against quantum attacks.

🧅

Sphinx onion routing

Nested encryption with per-hop MACs. Each relay peels one layer, sees only the next hop. Exit nodes can't trace back to you.

📡

Cover traffic (L3+)

Constant-rate dummy packets defeat traffic analysis. Even if an attacker records all flows, silence patterns reveal nothing about your activity.

🌐

TLS morphing

Traffic looks like ordinary HTTPS. No special ports, no distinguishable handshakes. DPI can't block it without blocking the web.

🔐

Zero-knowledge architecture

We can't see your traffic even if we wanted to. No logs, no session data, no IP correlation. Your anonymity is cryptographically guaranteed, not policy-based.

Your choice

Four security layers

Pick your speed vs anonymity trade-off. Switch anytime based on your threat model.

L1
Fast
1 hop, minimal mixing. Hides content, timing visible.
~10ms
L2
Balanced
2 hops + jitter. Breaks timing correlation.
~50ms
L3
Strong
3 hops + cover traffic. Defeats traffic analysis.
~120ms
L4
Maximum
Full mixnet + PQ. Untraceable by design.
~200ms
L1

Direct Encrypted Tunnel

Client ──[ChaCha20]──▶ Exit ──▶ Internet
Hops: 1
Latency: ~2ms
Transport: Raw

How it works

Fast encrypted tunnel with post-quantum keys. Your traffic goes through a single relay using ChaCha20 encryption. The exit node sees your destination but not your IP. Your ISP sees encrypted traffic to our relay.

✓ Best for

  • Streaming video and gaming (minimal latency)
  • Bypassing geo-restrictions
  • Protecting against local network snooping

⚠ Limitations

  • ISP can see you're using Ø Protocol
  • Single point of trust (the exit node)
  • No protection against timing analysis
L2

Onion Routing (3-hop)

Client ──▶ Guard ──▶ Relay ──▶ Exit ──▶ Internet
Guard: knows client IP, blind to destination
Relay: knows neither client IP nor destination
Exit: knows destination, blind to client IP
Hops: 3
Latency: ~30–50ms
Transport: Obfs4-Lite

How it works

3-hop onion routing with traffic obfuscation. Packets are wrapped in layers of encryption — each relay peels one layer. Obfs4-Lite uses BLAKE2b-keyed XOR scrambling to make packets look like random noise, hiding the Ø Protocol fingerprint from passive observers.

✓ Best for

  • Bypassing censorship (traffic obfuscation)
  • Breaking IP-to-destination correlation
  • General web browsing and file transfers

⚠ Limitations

  • Still vulnerable to advanced timing analysis
  • No cover traffic (silence reveals inactivity)
L3

Selective Sphinx Mixnet 

Client ──▶ Guard ──▶ Relay ──▶ Mix ──▶ Exit ──▶ Internet
Guard: PQ handshake | Relay: Blind hop | Mix: Poisson delay ~20ms
Hops: 4
Format: Sphinx (1024-byte cells)
Latency: ~60–90ms
Mix delays: Poisson ~20ms
Cover traffic: Every 40ms
Circuits: 3 parallel
Transport: TLS 1.3 morphing

How it works

Full mixnet with Sphinx packet format. Traffic is padded to uniform 1024-byte cells, delayed randomly (Poisson distribution), and mixed with cover traffic sent every 40ms. TLS 1.3 morphing makes all traffic look like standard HTTPS — full RFC 8446 ClientHello + AppData framing, classified as HTTPS by Wireshark, DPI appliances, and ISP traffic classifiers.

DNS: Queries go through the full circuit via DoH (DNS-over-HTTPS).

✓ Best for

  • Journalists and activists (default for high-risk users)
  • Defeating traffic analysis and timing attacks
  • Evading deep packet inspection (DPI)
  • Protecting against correlation attacks

⚠ Limitations

  • ~80ms latency (not suitable for real-time gaming)
  • Higher bandwidth usage due to cover traffic
Use case: Marcus reverse-engineers malware C2 servers. L3 hides his real IP and breaks correlation between research sessions — hostile operators can't cluster his visits. The TLS morphing prevents his ISP from flagging suspicious traffic patterns.
L4

Full Mixnet (Maximum Anonymity)

Client ──▶ Guard ──▶ Relay ──▶ Mix ──▶ Exit ──▶ Internet
+ Loop traffic: Fake flows indistinguishable from real
Hops: 4
Mix delays: ~200ms
Transport: TLS 1.3 morphing + Loop traffic
Cover ratio: 3 dummy packets per real packet

How it works

Identical circuit shape to L3 (Guard→Relay→Mix→Exit), but with aggressive loop traffic. Fake flows are indistinguishable from real traffic, defeating global passive adversaries. The cover ratio is 3:1 — for every real packet, 3 dummy packets are sent. TLS 1.3 morphing ensures all traffic looks like HTTPS.

✓ Best for

  • Maximum anonymity against nation-state surveillance
  • Protecting against global passive adversaries
  • High-risk scenarios (whistleblowing, dissidents)

⚠ Limitations

  • ~200ms latency (not suitable for real-time apps)
  • 4x bandwidth usage (3 dummy + 1 real packet)
Use case: Elena is a journalist in Belarus documenting state violence. Her government monitors VPN usage and performs timing analysis. L4's loop traffic makes her sessions indistinguishable from background noise — even if an adversary records all encrypted flows globally, they can't correlate her activity.

Take back your metadata

Free, open-source, and ready to use. Download for macOS, Windows, or Linux.

Coming Soon
Coming Soon
View on GitHub